Spamassassin letting high scoring spam be delivered

Status
Not open for further replies.

americanintel

I have ONE user that receives emails that score overly high. I have spamassassin set to block and delete anything over 4.0 yet he receives these, no one else does:

Spam detection software, running on the system "server.myserver.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: [...]

Content analysis details: (15.4 points, 4.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
2.7 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)
1.5 FROM_NO_USER From: has no local-part before @ sign
-0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
[score: 0.2058]
2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[196.218.154.78 listed in zen.spamhaus.org]
3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?196.218.154.78>]
1.8 MISSING_SUBJECT Missing Subject: header
1.4 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject: text
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS


Obviously this should have never made it to him. I wonder why this is happening? Thoughts?
 
I have a few users now on different servers that complain about the same.

Those are empty emails, the sending IP is listed but exim is accepting the mail anyway. It should be blocked based on the IP before spamassassin...
 
Same thing here - it's driving me crazy. Any advice on how to fix?

I should mention that SA is flagging it properly. My understanding is that the server should then delete it. So it's likely not actually a SA problem.
 
Another data point:

Spam detection software, running on the system "vps.domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: [...]

Content analysis details: (15.4 points, 10.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 0.9987]
1.7 HELO_LH_HOME HELO_LH_HOME
1.1 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)
0.8 FROM_NO_USER From: has no local-part before @ sign
1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[117.242.80.117 listed in bb.barracudacentral.org]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[117.242.80.117 listed in zen.spamhaus.org]
3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject: text
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.


Subject:
From: "" <>
Date: Wed, 11 May 2011 15:31:18 -0530
To: <[email protected]>
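
Added example, not part of the original thread or any poster's code: a Python triage of the report format quoted above. It separates DNSBL ("RBL:") points from content-rule points to show whether the relay listings alone cross the threshold, which is the situation the replies describe when they say the mail should be refused on IP before SpamAssassin runs. The sample is an excerpt of the first post's report; the function names are hypothetical.

```python
import re

# Excerpt of the first report quoted in this thread (continuation lines trimmed).
SAMPLE_REPORT = """\
Content analysis details: (15.4 points, 4.0 required)
2.7 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)
1.5 FROM_NO_USER From: has no local-part before @ sign
-0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[196.218.154.78 listed in zen.spamhaus.org]
3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
1.8 MISSING_SUBJECT Missing Subject: header
1.4 EMPTY_MESSAGE Message appears to have no textual parts and no
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
"""

HEADER_RE = re.compile(r"\((-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
RULE_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")
LISTED_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3}) listed in ([\w.-]+)\]")

def parse_report(text):
    """Return (total, required, [(pts, rule, description)], [(ip, dnsbl)])."""
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("no 'Content analysis details' line found")
    rules, listings = [], []
    for line in text.splitlines():
        r = RULE_RE.match(line)
        if r:
            rules.append((float(r.group(1)), r.group(2), r.group(3)))
        listings.extend(LISTED_RE.findall(line))
    return float(m.group(1)), float(m.group(2)), rules, listings

def triage(text):
    total, required, rules, listings = parse_report(text)
    # Points that depend only on the connecting relay's IP, not on content.
    rbl = round(sum(p for p, _, d in rules if d.startswith("RBL:")), 1)
    return {
        "total": total,
        "required": required,
        "over_threshold": total >= required,  # SpamAssassin tags at >= required
        "rule_sum": round(sum(p for p, _, _ in rules), 1),
        "rbl_points": rbl,
        "rbl_alone_over_threshold": rbl >= required,
        "listed_relays": sorted(set(listings)),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A message that arrives wrapped in this report with `over_threshold` true was scored and tagged by SpamAssassin but still delivered, so the place to look is the delivery or filtering step after scoring rather than the rules themselves.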
 